fix(codex): preserve plugin tool auth profiles

[clawsweeper]

Makes #83603 merge-ready for the ClawSweeper automerge loop.
The edit pass should inspect the live PR diff, review comments, and failing checks; rebase if needed; keep the contributor branch credited; and stop only when validation is green or an external blocker is proven.
Known failing checks:

• Failing check: macos-swift:FAILURE (https://github.com/openclaw/openclaw/actions/runs/26068444512/job/76644368844)

ClawSweeper 🐠 replacement reef notes:

• Cluster: automerge-openclaw-openclaw-83603
• Source PRs: fix(codex): preserve plugin tool auth profiles #83603
• Credit: Source PR: fix(codex): preserve plugin tool auth profiles #83603
• Validation: pnpm check:changed
• Replacement reason: ClawSweeper could not update the source PR branch directly, so it opened a writable replacement PR instead.
• Automerge requested by: @Takhoffman

• Repair fallback: GitHub rejected the repair branch push because it updates workflow files and the ClawSweeper app token does not have workflows permission

Co-author credit kept:

• @rubencu: Co-authored-by: Rubén Cuevas 4742789+rubencu@users.noreply.github.com

fish notes: model gpt-5.5, reasoning high; reviewed against 1f94c5d.

[clawsweeper]

Codex review: passed.

Workflow note: Future ClawSweeper reviews update this same comment in place.

How this review workflow works

• ClawSweeper keeps one durable marker-backed review comment per issue or PR.
• Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
• A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
• PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
• Maintainers can also comment @clawsweeper review to request a fresh review only.
• Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
• Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
• Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.

Summary
This PR threads a Codex-only toolAuthProfileStore through embedded runner attempt params, uses it for Codex dynamic tool construction, forwards auth profiles into plugin-only tools, and adds regression tests plus a changelog entry.

Reproducibility: yes. The linked source PR includes a concrete before-fix negative control and after-fix gateway/TUI proof for x_search, and current-main source inspection shows Codex dynamic tools still receive only the scoped transport auth store.

PR rating
Overall: 🐚 platinum hermit
Proof: 🦞 diamond lobster
Patch quality: 🐚 platinum hermit
Summary: The PR has strong proof context and a focused patch, with remaining confidence limited by the intentional auth-boundary and old-harness compatibility decisions.

Rank-up moves:

• Have the auth/runtime owner acceptance recorded for the Codex-only full-store exposure if the automerge request is not intended to cover it.
• Decide whether old installed Codex harness packages must keep working without toolAuthProfileStore support.

What the crustacean ranks mean

• 🦀 challenger crab: rare, exceptional readiness with strong proof, clean implementation, and convincing validation.
• 🦞 diamond lobster: very strong readiness with only minor maintainer review expected.
• 🐚 platinum hermit: good normal PR, likely mergeable with ordinary maintainer review.
• 🦐 gold shrimp: useful signal, but proof or patch confidence is still limited.
• 🦪 silver shellfish: thin signal; proof, validation, or implementation needs work.
• 🧂 unranked krab: not merge-ready because proof is missing/unusable or there are serious correctness or safety concerns.
• 🌊 off-meta tidepool: rating does not apply to this item.

Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics.

PR egg
✨ Hatched: 🥚 common Brave Branchling

        .--^^^^--.           
     .-'  o    o  '-.        
    /       \__/      \      
   |    /\  ____  /\   |     
   |   /  \/____\/  \  |     
    \  \_.------._/  /       
     '._  `----'  _.'        
        '-.____.-'           
       _/|_|  |_|\_          
      /__|      |__\         
       .-----------.         
      '-------------'        

Rarity: 🥚 common.
Trait: watches the merge queue.
Share on X: post this hatch
Copy: My PR egg hatched a 🥚 common Brave Branchling in ClawSweeper.

What is this egg doing here?

• Eggs appear after the PR passes real-behavior proof. It is here for vibes, not verdicts: it does not change labels, ratings, merge decisions, or automation.
• The shell reacts to review momentum: open follow-up work warms it up, re-review makes it wobble, and a clean final review lets it hatch.
• How to hatch it: reach status: 👀 ready for maintainer look or status: 🚀 automerge armed; that usually means sufficient real-behavior proof, no blocking P0/P1/P2 findings, no security attention needed, and clean correctness.
• The hatch is seeded from this repository and PR number, so the same PR keeps the same creature; the reviewed head SHA can only change safe visual details.
• Rarity is just collectible sparkle: 🥚 common, 🌱 uncommon, 💎 rare, ✨ glimmer, and 🌈 legendary.

Real behavior proof
Override: A maintainer applied proof: override for this PR.

Risk before merge
Why this matters: - Codex dynamic tool construction now receives the full attempt auth profile store, including non-Codex provider credentials, so maintainers must explicitly accept that trusted Codex harness boundary.

• Older installed Codex harness packages that only consult authProfileStore will still receive the scoped transport store and may continue missing OAuth-backed plugin tools until they adopt toolAuthProfileStore.

Maintainer options:

1. Accept the Codex-only auth-store boundary (recommended)
   Proceed if maintainers accept that trusted Codex dynamic tool construction can see the full attempt auth store while model transport auth remains scoped.
2. Use a narrower tool credential resolver
   Replace full-store exposure with a provider-scoped resolver if maintainers want plugin tools to resolve credentials without handing Codex unrelated profiles.
3. Pause for old-harness compatibility
   Hold the PR if installed Codex harness packages that only read authProfileStore must keep OAuth-backed plugin tools working before a coordinated package update.

Next step before merge
No repair lane is needed: this automerge-armed replacement PR has no actionable review findings, so exact-head checks plus maintainer risk acceptance should gate merge.

Security
Cleared: No supply-chain change or unintentional secret-handling defect was found; the intentional Codex-only full auth store exposure is tracked as a merge risk for maintainer acceptance.

Review details

Best possible solution:

Land this replacement PR through the exact-head automerge gate once maintainers accept the Codex auth-store boundary and compatibility posture; otherwise narrow the credential resolver or add an old-harness compatibility path before merge.

Do we have a high-confidence way to reproduce the issue?

Yes. The linked source PR includes a concrete before-fix negative control and after-fix gateway/TUI proof for x_search, and current-main source inspection shows Codex dynamic tools still receive only the scoped transport auth store.

Is this the best way to solve the issue?

Yes, if maintainers accept the trusted Codex boundary. The patch keeps model transport auth scoped while giving Codex tool construction access to plugin credentials; a provider-scoped resolver would be safer if full-store exposure is not acceptable.

Label justifications:

• P2: This is a focused auth-provider bug fix for Codex plugin tool availability with limited blast radius but real user impact for OAuth-backed xAI tools.
• merge-risk: 🚨 compatibility: Older installed Codex harness packages may not understand toolAuthProfileStore and can keep seeing only the scoped transport auth store.
• merge-risk: 🚨 auth-provider: The fix changes which auth profile store Codex tool construction uses, affecting provider credential resolution for plugin tools.
• merge-risk: 🚨 security-boundary: The PR intentionally exposes the full attempt auth store to the Codex harness for tool construction, which is a credential-boundary decision.

What I checked:

• PR diff threads a separate tool auth store: The PR keeps authProfileStore scoped for model transport and adds toolAuthProfileStore only for Codex attempts, carrying the full attempt auth store for tool construction. (src/agents/pi-embedded-runner/run.ts:1449, c226f54be0c2)
• Codex dynamic tools consume the new store: Codex dynamic tool construction now passes params.toolAuthProfileStore ?? params.authProfileStore into createOpenClawCodingTools, which is the path that previously only saw the scoped transport store. (extensions/codex/src/app-server/run-attempt.ts:3225, c226f54be0c2)
• Plugin-only tools receive auth profiles: The PR forwards options.authProfileStore into resolveOpenClawPluginToolsForOptions, matching the xAI tool-auth path that resolves provider credentials during plugin tool construction. (src/agents/pi-tools.ts:869, c226f54be0c2)
• Regression coverage was added: The diff adds focused tests for Codex dynamic tool auth store selection, embedded-runner scoped/full store forwarding, and plugin-only tool auth profile forwarding. (extensions/codex/src/app-server/run-attempt.test.ts:1081, c226f54be0c2)
• Current main still lacks the fix: Current main at e9989f3a still passes only params.authProfileStore into Codex dynamic tool construction and has no toolAuthProfileStore field in the attempt params type. (extensions/codex/src/app-server/run-attempt.ts:3277, e9989f3a92e5)
• Branch is still unique relative to current main: The PR head differs from current main by the same 8 files and merge-base is f526d96c98abe302154edaf08d866bf44d108216, so this is not implemented on main yet. (c226f54be0c2)

Likely related people:

• steipete: Shortlog for the central Codex/agent/tool files is dominated by Peter Steinberger, and he committed or merged recent plugin-tool and auth-profile work in this area. (role: heavy area contributor and merger; confidence: high; commits: 43cc92dc07ab, 48f51c1a5199, f1cc8f0cfc7c; files: src/agents/pi-tools.ts, src/agents/openclaw-plugin-tools.ts, extensions/codex/src/app-server/run-attempt.ts)
• Takhoffman: The checked-out main graft commit carrying the central files is authored by Tak Hoffman, and Takhoffman requested automerge after the ClawSweeper risk review. (role: recent area contributor and automerge requester; confidence: medium; commits: c92ebd6a4104; files: src/agents/pi-embedded-runner/run.ts, extensions/codex/src/app-server/run-attempt.ts, src/agents/pi-tools.ts)
• vincentkoc: Vincent Koc authored recent Codex OAuth routing and bound-auth-profile reuse commits that touch the app-server auth surface this PR extends. (role: Codex auth runtime contributor; confidence: medium; commits: f1cc8f0cfc7c, 859eb0666282; files: extensions/codex/src/app-server/run-attempt.ts)
• brokemac79: The merged xAI auth-profile PR established the plugin tool credential behavior that this Codex path needs to preserve. (role: xAI tool auth-profile contributor; confidence: medium; commits: 48f51c1a5199; files: src/agents/openclaw-plugin-tools.ts, extensions/xai/x-search.ts, extensions/xai/src/tool-auth-shared.ts)
• ragesaq: A recent merged routing PR changed OpenAI Codex runtime provider routing and embedded-runner tests in the same auth-provider surface. (role: recent adjacent contributor; confidence: medium; commits: 58f1db1bc8eb; files: src/agents/pi-embedded-runner/run.ts, src/agents/openai-codex-routing.ts, src/agents/pi-embedded-runner/run.overflow-compaction.test.ts)

Codex review notes: model gpt-5.5, reasoning high; reviewed against e9989f3a92e5.

[clawsweeper]

🦞✅
ClawSweeper merged this PR after the passing review.

Source: clawsweeper[bot]
Feedback: structured ClawSweeper verdict: pass (sha=c226f54be0c2b7907da40636cdd55f0467399f8e)
Merge status: merged by ClawSweeper automerge
Merged at: 2026-05-19T02:40:41Z
Merge commit: 8bd24ad6d4ab

What merged:

• This PR threads a Codex-only toolAuthProfileStore through embedded runner attempt params, uses it for Code ... struction, forwards auth profiles into plugin-only tools, and adds regression tests plus a changelog entry.
• Reproducibility: yes. The linked source PR includes a concrete before-fix negative control and after-fix gat ... urrent-main source inspection shows Codex dynamic tools still receive only the scoped transport auth store.

Automerge notes:

• PR branch already contained follow-up commit before automerge: test(codex): align dynamic tool auth test helper
• PR branch already contained follow-up commit before automerge: fix(codex): expose tool auth to installed harnesses
• PR branch already contained follow-up commit before automerge: test(codex): narrow auth store assertions
• PR branch already contained follow-up commit before automerge: fix(codex): preserve plugin tool auth profiles

The automerge loop is complete.

Automerge progress:

• 2026-05-19 01:33:46 UTC validation plan (passed) in 16s Run: https://github.com/openclaw/clawsweeper/actions/runs/26070605671 node scripts/run-vitest.mjs extensions/codex/src/app-server/run-attempt.test.ts src/agents/pi-embedded-runner/run.overflow-compaction.test.ts src/agents/pi-too...

• 2026-05-19 01:33:59 UTC Codex write preflight (passed) in 30s Run: https://github.com/openclaw/clawsweeper/actions/runs/26070605671 danger-full-access

• 2026-05-19 01:44:14 UTC Codex edit 1 61cc7fa671ea (complete) in 10m 45s Run: https://github.com/openclaw/clawsweeper/actions/runs/26070605671 exit 0

• 2026-05-19 01:50:35 UTC validation and review 1 c226f54be0c2 (base moved) in 17m 5s Run: https://github.com/openclaw/clawsweeper/actions/runs/26070605671 rebased

• 2026-05-19 01:50:38 UTC repair completed c226f54be0c2 (branch updated) in 17m 9s Run: https://github.com/openclaw/clawsweeper/actions/runs/26070605671 initial automerge rebase is delegated to Codex repair

• 2026-05-19 01:50:38 UTC review queued c226f54be0c2 (after repair)

• 2026-05-19 02:00:41 UTC automerge wait c226f54be0c2 (waiting) in 27m 12s Run: https://github.com/openclaw/clawsweeper/actions/runs/26070605671 waiting for exact-head ClawSweeper review pass

• 2026-05-19 02:40:26 UTC review passed c226f54be0c2 (structured ClawSweeper verdict: pass (sha=c226f54be0c2b7907da40636cdd55f0467399...)

• 2026-05-19 02:00:44 UTC repair finished c226f54be0c2 (pushed) in 27m 14s Run: https://github.com/openclaw/clawsweeper/actions/runs/26070605671 repair_contributor_branch

• 2026-05-19 02:16:15 UTC review queued c226f54be0c2 (queued)

• 2026-05-19 02:23:53 UTC repair queued c226f54be0c2 (autonomous) Run: https://github.com/openclaw/clawsweeper/actions/runs/26072333004

• 2026-05-19 02:27:46 UTC review queued c226f54be0c2 (queued)

• 2026-05-19 02:32:38 UTC repair started (running) in 1s Run: https://github.com/openclaw/clawsweeper/actions/runs/26072333004 automerge-openclaw-openclaw-83603

• 2026-05-19 02:32:42 UTC repair completed c226f54be0c2 (no branch change) in 4s Run: https://github.com/openclaw/clawsweeper/actions/runs/26072333004 no planned fix actions

• 2026-05-19 02:32:41 UTC review queued c226f54be0c2 (after no-op repair)

• 2026-05-19 02:40:44 UTC merged c226f54be0c2 (merged by ClawSweeper automerge)

[Takhoffman]

@clawsweeper automerge